reportedip/reportedip-blacklist
GitHub: reportedip/reportedip-blacklist
社区驱动的 IP 威胁情报黑名单,每日更新,提供按攻击类型分类的列表和可直接部署的防火墙配置文件。
Stars: 9 | Forks: 0
# ReportedIP 黑名单
社区驱动的 IP 威胁情报,每日更新。
**[https://reportedip.de](https://reportedip.de)**
## 仓库结构 / Repository Structure
```
reportedip-blacklist/
├── README.md
├── LICENSE CC BY 4.0
├── metadata.json Version, SHA-256 Checksums, Stats
│
├── blacklist-all.txt All IPs, one per line
├── blacklist-all.json All IPs with confidence + categories
├── blacklist-all.csv ip, confidence, categories, last_reported
│
├── lists/ Thematic lists
│ ├── spam.txt Web / Email / Blog Spam
│ ├── brute-force.txt FTP / SSH / Login Brute-Force
│ ├── cms-login.txt WordPress / Drupal / CMS Backend Login
│ ├── web-attacks.txt SQLi, Hacking, Bots, WebApp Attacks
│ ├── malware.txt Ransomware, Trojans, Crypto-Mining
│ ├── ddos.txt DDoS, Ping of Death
│ ├── fraud.txt Phishing, Fraud, Spoofing
│ ├── infrastructure.txt DNS Abuse, Open Proxy, Port Scan
│ └── apt.txt IoT Botnet, Supply Chain, Zero-Day, APT
│
└── formats/ Firewall-ready configs
├── nginx-deny.conf
├── apache-htaccess.txt
└── iptables.sh
```
## 主题列表 / Thematic Lists
| 文件 / File | 描述 / Description | 类别 / Categories |
|---|---|---|
| `lists/spam.txt` | Web、邮件和博客垃圾信息 / Web, email & blog spam | 10, 11, 12 |
| `lists/brute-force.txt` | FTP、SSH 和登录暴力破解 / FTP, SSH & login brute-force | 5, 18, 22 |
| `lists/cms-login.txt` | WordPress、Drupal 和 CMS 后端登录攻击 / WordPress, Drupal & CMS backend login attacks | 5, 15, 18, 19, 21 |
| `lists/web-attacks.txt` | SQL 注入、黑客攻击、机器人、Web 应用攻击 / SQLi, hacking, bots, web app attacks | 15, 16, 19, 21 |
| `lists/malware.txt` | 勒索软件、木马、加密挖矿 / Ransomware, trojans, crypto-mining | 20, 24, 25, 26, 27 |
| `lists/ddos.txt` | DDoS 攻击、死亡之 Ping / DDoS attacks, ping of death | 4, 6 |
| `lists/fraud.txt` | 钓鱼、欺诈、欺骗 / Phishing, fraud, spoofing | 3, 7, 8, 17 |
| `lists/infrastructure.txt` | DNS 滥用、开放代理、端口扫描 / DNS abuse, open proxy, port scan | 1, 2, 9, 14 |
| `lists/apt.txt` | IoT 僵尸网络、供应链、零日漏洞、国家级 APT / IoT botnet, supply chain, zero-day, nation-state APT | 23, 28, 29, 30 |
一个 IP 可能同时出现在多个主题列表中。
An IP may appear in multiple thematic lists at the same time.
## 文件格式 / File Formats
### blacklist-all.txt
纯文本文件,每行一个 IP 地址。注释以 `#` 开头。
Plain text, one IP address per line. Comments start with `#`.
### blacklist-all.json
```
[
{
"ip": "1.2.3.4",
"confidence": 92,
"categories": ["brute-force", "web-attacks"],
"last_reported": "2026-02-26T12:00:00+00:00"
}
]
```
| 字段 / Field | 描述 / Description |
|---|---|
| `ip` | IPv4 或 IPv6 地址或 CIDR 范围 / IPv4 or IPv6 address or CIDR range |
| `confidence` | 置信度分数 0 – 100(越高 = 越恶意) / Confidence score 0 – 100 (higher = more malicious) |
| `categories` | 关联的主题列表 / Associated thematic lists |
| `last_reported` | 最后报告时间戳(ISO 8601)/ Last report timestamp (ISO 8601) |
### blacklist-all.csv
```
ip,confidence,categories,last_reported
1.2.3.4,92,"brute-force;web-attacks",2026-02-26T12:00:00+00:00
```
### metadata.json
包含版本信息、总数、各列表细目以及所有文件的 SHA-256 校验和。
Contains version info, total counts, per-list breakdown, and SHA-256 checksums for all files.
## 使用方法 / Usage
### 下载
```
# 所有 IP / All IPs
wget https://raw.githubusercontent.com/reportedip/reportedip-blacklist/main/blacklist-all.txt
# 仅 Brute-Force IP / Brute-force IPs only
curl -sO https://raw.githubusercontent.com/reportedip/reportedip-blacklist/main/lists/brute-force.txt
# 带元数据的 JSON / JSON with metadata
curl -s https://raw.githubusercontent.com/reportedip/reportedip-blacklist/main/blacklist-all.json | jq '.[0:5]'
```
### iptables (Linux)
```
wget -q https://raw.githubusercontent.com/reportedip/reportedip-blacklist/main/formats/iptables.sh \
-O /tmp/reportedip-block.sh
chmod +x /tmp/reportedip-block.sh
sudo /tmp/reportedip-block.sh
```
### Nginx
```
wget -q https://raw.githubusercontent.com/reportedip/reportedip-blacklist/main/formats/nginx-deny.conf \
-O /etc/nginx/conf.d/reportedip-deny.conf
sudo nginx -t && sudo nginx -s reload
```
```
# 在您的 server 块中 / In your server block:
include /etc/nginx/conf.d/reportedip-deny.conf;
```
### Apache
```
wget -q https://raw.githubusercontent.com/reportedip/reportedip-blacklist/main/formats/apache-htaccess.txt \
-O /tmp/reportedip-deny.txt
```
将内容合并到您的 `.htaccess` 或 `httpd.conf` 中。
Merge the content into your `.htaccess` or `httpd.conf`.
### 自动更新 (Cron)
```
# 每日 04:00 UTC 更新 / Update daily at 04:00 UTC
0 4 * * * wget -q https://raw.githubusercontent.com/reportedip/reportedip-blacklist/main/formats/iptables.sh -O /tmp/reportedip-block.sh && chmod +x /tmp/reportedip-block.sh && /tmp/reportedip-block.sh
```
## 数据质量 / Data Quality
- 所有 IP 均来自 **ReportedIP 社区信誉系统**,并进行置信度分数计算。 / All IPs come from the **ReportedIP community reputation system** with confidence score calculation.
- 只有置信度分数 **>= 75%** 的 IP 才会被收录。 / Only IPs with a confidence score of **>= 75%** are included.
- **白名单检查**:已知的合法 IP(例如大型搜索引擎、CDN 提供商)会被排除。 / **Whitelist check**: Known legitimate IPs (e.g. major search engines, CDN providers) are excluded.
- **48 小时延迟**:新报告在 48 小时后才会出现在这些列表中,以减少误报。 / **48-hour delay**: New reports appear in these lists only after 48 hours, reducing false positives.
- **每日更新**:仓库每天自动更新一次。 / **Daily updates**: The repository is updated automatically once daily.
## 免责声明 / Disclaimer
**中文:** 这些黑名单按“原样”提供,不提供任何形式的保证。使用风险自负。运营者不对因使用这些列表而产生的任何损害承担责任。用户有责任在生产环境中部署数据之前对其进行审查和验证。
**English:** These blacklists are provided as-is, without any warranty of any kind, express or implied. Use at your own risk. The operator assumes no liability for any damages arising from the use of these lists. It is the user's responsibility to review and validate the data before deploying it in production environments.
## 联系方式 / Contact
报告错误条目或举报 IP / Report a false positive or report an IP:
- **E-Mail:** [abuse@reportedip.de](mailto:abuse@reportedip.de)
- **Web:** [https://reportedip.de](https://reportedip.de)
## 许可证 / License
Copyright (c) 2026 ReportedIP / Patrick Schlesinger
本作品根据 [知识共享署名 4.0 国际许可协议 (CC BY 4.0)](https://creativecommons.org/licenses/by/4.0/) 进行授权。
This work is licensed under the [Creative Commons Attribution 4.0 International License (CC BY 4.0)](https://creativecommons.org/licenses/by/4.0/).
您可以共享和改编本素材,前提是必须注明 **ReportedIP** ([reportedip.de](https://reportedip.de)) 为来源。
You are free to share and adapt the material, as long as you give appropriate credit to **ReportedIP** ([reportedip.de](https://reportedip.de)).
*由 [ReportedIP](https://reportedip.de) 于 2026-03-09 自动生成 / Auto-generated by [ReportedIP](https://reportedip.de) on 2026-03-09*
标签:Apache, APT, Brute-Force, CISA项目, Cutter, DDoS, DNS通配符暴力破解, Homebrew安装, Iptables, IP 地址批量处理, IP黑名单, Malware, Nginx, Phishing, Spam, 威胁情报, 安全运营, 密码管理, 开发者工具, 恶意IP, 扫描框架, 社区驱动, 网络安全, 配置错误, 防御列表, 防火墙规则, 隐私保护, 风险阻断